Assignment Group-A_1

Problem Definition: Implementation of a packet sniffer. The program should identify the header of each protocol. Use multi-core programming.

1.1 Prerequisite:
1. Socket programming.
2. Header formats.
3. TCP/IP and OSI models.

1.2 Learning Objectives:
Understand the working of a packet sniffing tool.
Implement a tool for analyzing traffic.

1.3 New Concepts:
a. Packet analyzer
b. Python networking-related functions

1.4 Theory

1.4.1 Introduction
Have you ever thought about how your computer talks with others on a network? Would you like to listen to, or "sniff", the conversation? Network engineers, system administrators, security professionals and, unfortunately, crackers have long used a tool that allows them to do exactly that. This utility, known as a sniffer, can be found in the arsenal of every network guru, where it is likely used every day for a variety of tasks. This section offers a brief overview of sniffers: what they do, how they work, why users need to be aware of them, and what users can do to protect themselves against the illegitimate use of sniffers.

1.4.2 What is a Sniffer?
A packet sniffer (also known as a packet analyzer, network analyzer or protocol analyzer, or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. Packet capture is the process of intercepting and logging that traffic. Despite the name, packet sniffers are ordinary diagnostic tools: network technicians use them to diagnose network-related problems, and security staff use them to see what is really on the wire, whether that is traffic on a LAN or packets exchanged over the Internet.
Figure 1: Packet sniffer

1.4.3 How Does a Sniffer Work?
Packet sniffers work by intercepting and logging the network traffic they can "see" through the wired or wireless network interface that the sniffing software has access to on its host computer. On a wired network, what can be captured depends on the structure of the network. A sniffer might be able to see traffic on an entire network or only a certain segment of it, depending on how the network switches are configured and where they are placed: on a switched LAN an interface normally receives only frames addressed to it plus broadcast and multicast traffic, so capturing other hosts' conversations requires the interface to be in promiscuous mode and attached to a hub, a mirror (SPAN) port or a network tap. On wireless networks, sniffers can usually capture only one channel at a time unless the host computer has multiple wireless interfaces that allow multichannel capture.

Once the raw packet data is captured, the sniffing software must analyze it and present it in human-readable form so that the person using it can make sense of it. The analyst can then view the details of the "conversation" taking place between two or more nodes on the network. Network technicians use this information to determine where a fault lies, for example which device failed to respond to a network request.

Figure 2 shows the structure of a packet sniffer. At the right of Figure 2 are the protocols (in this case, Internet protocols) and applications (such as a web browser or FTP client) that normally run on your computer. The packet sniffer, shown within the dashed rectangle in Figure 2, is an addition to the usual software on your computer and consists of two parts. The packet capture library receives a copy of every link-layer frame that is sent from or received by your computer. Messages exchanged by higher-layer protocols such as HTTP, FTP, TCP, UDP, DNS or IP are all eventually encapsulated in link-layer frames that are transmitted over physical media such as an Ethernet cable. In Figure 2 the assumed physical medium is Ethernet, so all upper-layer protocols are eventually encapsulated within an Ethernet frame. The second part, the packet analyzer, takes each captured frame and works outward through the Ethernet, IP and transport headers, displaying the fields of each.
Capturing all link-layer frames thus gives you all messages sent or received by all protocols and applications executing on your computer.

Figure 2: Packet sniffer structure

1.5 Header Formats:
IP Header Format:
TCP Header Format:

1.6 Need of Sniffer:
On a normal LAN thousands of packets are exchanged by multiple machines every minute, an ample supply for any attacker. Anything transmitted in plaintext over the network is exposed: passwords, web pages, database queries and messaging, to name a few. A sniffer can easily be customized to capture specific traffic such as Telnet sessions or e-mail. Once traffic has been captured, crackers can quickly extract the information they need: logins, passwords and the text of messages. The users will likely never know they were compromised, because a passive sniffer transmits nothing of its own and causes no damage or disturbance to the network environment. The practical defence is to deny the sniffer plaintext: use encrypted protocols (SSH instead of Telnet, HTTPS instead of HTTP, TLS for mail) so that a captured packet reveals nothing useful.

1.7 Sniffer Tools Examples:
1. Wireshark: Wireshark is a network packet analyzer. A network packet analyzer tries to capture network packets and to display the packet data in as much detail as possible. You could think of a network packet analyzer as a measuring device used to examine what is going on inside a network cable, just as a voltmeter is used by an electrician to examine what is going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. With the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
2. tcpdump: tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software. tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, OS X, HP-UX and AIX among others.
On those systems tcpdump uses the libpcap library to capture packets. The port of tcpdump for Windows is called WinDump; it uses WinPcap, the Windows port of libpcap (WinPcap is no longer maintained; current Windows builds use Npcap instead).

Uses of tcpdump: tcpdump prints the contents of network packets. It can read packets from a network interface card or from a previously saved capture file, and it can write packets to standard output or to a file. It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer: a user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as Telnet or HTTP passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted information. The user may optionally apply a BPF-based filter to limit the packets tcpdump sees; this renders the output more usable on networks with a high volume of traffic.

1.8 Multicore Programming:
A multi-core processor is a single computing component with two or more independent actual central processing units (called "cores"), which are the units that read and execute program instructions.[1] The instructions are ordinary CPU instructions such as add, move data and branch, but the multiple cores can run multiple instructions at the same time, increasing overall speed for programs amenable to parallel computing. For this assignment note that CPython's global interpreter lock prevents threads from running Python bytecode in parallel, so parsing captured packets on several cores in Python means using processes (the multiprocessing module): one process owns the capture socket and hands the raw frames to worker processes that decode the headers.

1.9 Assignment Questions:
1. What is packet sniffing?
2. Draw the header formats of different protocols such as IP, ICMP, TCP and UDP.
3. What is socket programming? Give the syntax to create a socket in Python.
4. Why use packet sniffing tools?

Conclusion: When the program is run, the captured packets are analyzed by extracting the individual fields of each protocol header.
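The following is a worked example added by the editor; it is not code from the original handout. It shows the sniffer the assignment asks for: the IP, ICMP, TCP and UDP header formats of Section 1.5 are parsed from raw Ethernet frames with struct, and the parsing is spread over all cores with multiprocessing as discussed in Section 1.8. The interface name eth0, the MAC and IP addresses, and the four sample frames are constructed assumptions; live capture needs Linux and root (or CAP_NET_RAW), while the dissector itself runs offline on the sample frames.

```python
"""Header dissector for an Ethernet -> IPv4 -> TCP/UDP/ICMP packet sniffer, with parsing
spread over CPU cores via multiprocessing. Live capture needs a Linux AF_PACKET raw socket
and root/CAP_NET_RAW; the dissector runs offline on the constructed frames at the bottom.
Checksums are read but not verified."""
import os
import socket
import struct
from multiprocessing import Pool

ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]  # bit 0 .. bit 8

def parse_ethernet(frame):
    """Ethernet II: dst MAC(6) src MAC(6) EtherType(2), network byte order."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}, frame[14:]

def parse_ipv4(data):
    """IPv4 (RFC 791): IHL is the header length in 32-bit words; Total Length drops Ethernet padding."""
    ver_ihl, _, total_len, _, flags_frag, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("bad IPv4 header")
    hdr = {"version": version, "ihl": ihl, "ttl": ttl, "protocol": PROTO_NAMES.get(proto, str(proto)),
           "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
           "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}
    return hdr, data[ihl:total_len]

def parse_tcp(data):
    """TCP (RFC 793): ports, seq/ack, data offset (header length) and flag bits."""
    sport, dport, seq, ack, off_flags, win, _, _ = struct.unpack("!HHIIHHHH", data[:20])
    offset = (off_flags >> 12) * 4
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data_offset": offset, "flags": flags, "window": win}, data[offset:]

def parse_udp(data):
    """UDP (RFC 768): ports and length (header + payload)."""
    sport, dport, length, _ = struct.unpack("!HHHH", data[:8])
    return {"sport": sport, "dport": dport, "length": length}, data[8:length]

def parse_icmp(data):
    """ICMP (RFC 792): type and code; the rest of the message is payload."""
    icmp_type, code, _ = struct.unpack("!BBH", data[:4])
    return {"type": icmp_type, "code": code}, data[4:]

TRANSPORT_PARSERS = {"TCP": parse_tcp, "UDP": parse_udp, "ICMP": parse_icmp}

def dissect(frame):
    """Walk the encapsulation chain, one dict per header layer; non-IPv4 frames stop after Ethernet."""
    layers = {}
    try:
        layers["eth"], rest = parse_ethernet(frame)
        if layers["eth"]["ethertype"] != ETHERTYPE_IPV4:
            return layers
        layers["ip"], rest = parse_ipv4(rest)
        name = layers["ip"]["protocol"]
        if name in TRANSPORT_PARSERS:
            layers[name.lower()], rest = TRANSPORT_PARSERS[name](rest)
        layers["payload_len"] = len(rest)
    except (struct.error, ValueError) as exc:  # truncated/malformed input must not crash the sniffer
        layers["error"] = str(exc)
    return layers

def dissect_batch(frames, workers=None):
    """Parse frames in parallel, one worker process per core (the GIL rules out threads for this);
    falls back to a single core where a process pool cannot be created, e.g. in a sandbox."""
    try:
        with Pool(workers or os.cpu_count()) as pool:
            return pool.map(dissect, frames, chunksize=64)
    except OSError:
        return [dissect(f) for f in frames]

def live_capture(iface="eth0", count=100):
    """Linux only, needs root or CAP_NET_RAW; the interface name is an assumption."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003)) as sock:  # ETH_P_ALL
        sock.bind((iface, 0))
        return dissect_batch([sock.recv(65535) for _ in range(count)])

def build_frame(proto, transport_hdr, payload=b""):
    """Constructed test frame: made-up MACs and IPs, checksums left as zero."""
    ip_payload = transport_hdr + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ip_payload), 0x1234, 0x4000, 64,
                     proto, 0, socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9"))
    return bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4) + ip + ip_payload

# Constructed samples: TCP SYN to port 80, UDP to port 53, ICMP echo request, and an ARP frame.
SAMPLE_FRAMES = [
    build_frame(6, struct.pack("!HHIIHHHH", 54321, 80, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)),
    build_frame(17, struct.pack("!HHHH", 53000, 53, 8 + 12, 0), b"\x00" * 12),
    build_frame(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1), b"ping"),
    bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00" * 28,
]

if __name__ == "__main__":
    print(*dissect_batch(SAMPLE_FRAMES), sep="\n")
```

Run as root on Linux, live_capture("eth0") replaces SAMPLE_FRAMES with real frames from the interface; everything after the socket is identical. Two design points matter for a sniffer: the IPv4 Total Length is used to cut off Ethernet padding so it is not mistaken for transport payload, and every parse error is caught per frame, because a sniffer that crashes on one malformed packet is trivially blinded by an attacker who sends one.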